@timber-js/app 0.1.11 → 0.1.13

package/dist/server/rsc-entry/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/rsc-entry/index.ts"],"names":[],"mappings":"AA2EA;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI,CAE/F;AA8qBD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;8BAxjBpD,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;AA0jBhD,wBAAiE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/rsc-entry/index.ts"],"names":[],"mappings":"AA2EA;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI,CAE/F;AAqrBD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;8BA/jBpD,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;AAikBhD,wBAAiE"}

package/dist/server/slot-resolver.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"slot-resolver.d.ts","sourceRoot":"","sources":["../../src/server/slot-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAMH,OAAO,KAAK,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAErE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,KAAK,eAAe,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,KAAK,CAAC,YAAY,CAAC;AAElE;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,mBAAmB,EAC7B,KAAK,EAAE,UAAU,EACjB,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,EACzD,CAAC,EAAE,eAAe,EAClB,YAAY,CAAC,EAAE,mBAAmB,GACjC,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CAiKpC"}
+{"version":3,"file":"slot-resolver.d.ts","sourceRoot":"","sources":["../../src/server/slot-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAMH,OAAO,KAAK,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAErE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,KAAK,eAAe,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,KAAK,CAAC,YAAY,CAAC;AAElE;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,mBAAmB,EAC7B,KAAK,EAAE,UAAU,EACjB,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,EACzD,CAAC,EAAE,eAAe,EAClB,YAAY,CAAC,EAAE,mBAAmB,GACjC,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CAkKpC"}

package/dist/server/ssr-entry.d.ts

@@ -46,6 +46,13 @@ export interface NavContext {
     /** Request cookies as name→value pairs. Used by useCookie() during SSR
      *  to return correct cookie values before hydration. */
     cookies?: Map<string, string>;
+    /**
+     * Mutable flag: set by TimberErrorBoundary during SSR when it catches
+     * a DenySignal (via digest). This tells the RSC entry that the denial
+     * was contained by a slot error boundary and should NOT be promoted
+     * to a page-level deny. See LOCAL-298.
+     */
+    _denyHandledByBoundary?: boolean;
 }
 /**
  * Handle SSR: decode an RSC stream and render it to hydration-ready HTML.

package/dist/server/ssr-entry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ssr-entry.d.ts","sourceRoot":"","sources":["../../src/server/ssr-entry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA6BH;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,iCAAiC;IACjC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,6CAA6C;IAC7C,eAAe,EAAE,OAAO,CAAC;IACzB,0DAA0D;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,sBAAsB,EAAE,MAAM,CAAC;IAC/B,qEAAqE;IACrE,SAAS,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACvC;;;0DAGsD;IACtD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;iFAE6E;IAC7E,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB;4DACwD;IACxD,OAAO,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,SAAS,CAC7B,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,EACrC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,QAAQ,CAAC,CA2EnB;AAED,eAAe,SAAS,CAAC"}
+{"version":3,"file":"ssr-entry.d.ts","sourceRoot":"","sources":["../../src/server/ssr-entry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA6BH;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,iCAAiC;IACjC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,6CAA6C;IAC7C,eAAe,EAAE,OAAO,CAAC;IACzB,0DAA0D;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,sBAAsB,EAAE,MAAM,CAAC;IAC/B,qEAAqE;IACrE,SAAS,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACvC;;;0DAGsD;IACtD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;iFAE6E;IAC7E,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB;4DACwD;IACxD,OAAO,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B;;;;;OAKG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,SAAS,CAC7B,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,EACrC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,QAAQ,CAAC,CA4EnB;AAED,eAAe,SAAS,CAAC"}

package/dist/server/tree-builder.d.ts

@@ -40,6 +40,16 @@ export interface TreeBuilderConfig {
     loadModule: ModuleLoader;
     /** React.createElement or equivalent. */
     createElement: CreateElement;
+    /**
+     * Error boundary component for wrapping segments.
+     *
+     * This is injected by the caller rather than imported directly to avoid
+     * pulling 'use client' code into the server barrel (@timber-js/app/server).
+     * In the RSC environment, the RSC plugin transforms this import to a
+     * client reference proxy — the caller handles the import so the server
+     * barrel stays free of client dependencies.
+     */
+    errorBoundaryComponent?: unknown;
 }
 /**
  * Framework-injected access gate component.

package/dist/server/tree-builder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tree-builder.d.ts","sourceRoot":"","sources":["../../src/server/tree-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAKjE,mDAAmD;AACnD,MAAM,WAAW,YAAY;IAC3B,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,iDAAiD;AACjD,MAAM,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,SAAS,KAAK,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AAErF,gFAAgF;AAEhF,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC;AAE/B,oFAAoF;AACpF,MAAM,MAAM,aAAa,GAAG,CAC1B,IAAI,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACrC,GAAG,QAAQ,EAAE,OAAO,EAAE,KACnB,YAAY,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AAErD,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,mDAAmD;IACnD,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,uDAAuD;IACvD,YAAY,EAAE,OAAO,CAAC;IACtB,mCAAmC;IACnC,UAAU,EAAE,YAAY,CAAC;IACzB,yCAAyC;IACzC,aAAa,EAAE,aAAa,CAAC;CAC9B;AAID;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,CAAC,GAAG,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;QAAC,YAAY,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;IACjG,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,YAAY,EAAE,OAAO,CAAC;IACtB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;OAKG;IACH,OAAO,CAAC,EACJ,MAAM,GACN,OAAO,iBAAiB,EAAE,UAAU,GACpC,OAAO,iBAAiB,EAAE,cAAc,CAAC;IAC7C,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,CAAC,GAAG,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;QAAC,YAAY,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;IACjG,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,eAAe,EAAE,YAAY,GAAG,IAAI,CAAC;IACrC,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,YAAY,GAAG,IAAI,CAAC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oEAAoE;IACpE,IAAI,EAAE,YAAY,CAAC;IACnB,gFAAgF;IAChF,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC,CAiF1F"}
+{"version":3,"file":"tree-builder.d.ts","sourceRoot":"","sources":["../../src/server/tree-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAIjE,mDAAmD;AACnD,MAAM,WAAW,YAAY;IAC3B,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,iDAAiD;AACjD,MAAM,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,SAAS,KAAK,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AAErF,gFAAgF;AAEhF,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC;AAE/B,oFAAoF;AACpF,MAAM,MAAM,aAAa,GAAG,CAC1B,IAAI,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACrC,GAAG,QAAQ,EAAE,OAAO,EAAE,KACnB,YAAY,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AAErD,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,mDAAmD;IACnD,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,uDAAuD;IACvD,YAAY,EAAE,OAAO,CAAC;IACtB,mCAAmC;IACnC,UAAU,EAAE,YAAY,CAAC;IACzB,yCAAyC;IACzC,aAAa,EAAE,aAAa,CAAC;IAC7B;;;;;;;;OAQG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAID;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,CAAC,GAAG,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;QAAC,YAAY,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;IACjG,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,YAAY,EAAE,OAAO,CAAC;IACtB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;OAKG;IACH,OAAO,CAAC,EACJ,MAAM,GACN,OAAO,iBAAiB,EAAE,UAAU,GACpC,OAAO,iBAAiB,EAAE,cAAc,CAAC;IAC7C,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,CAAC,GAAG,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;QAAC,YAAY,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;IACjG,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,eAAe,EAAE,YAAY,GAAG,IAAI,CAAC;IACrC,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,YAAY,GAAG,IAAI,CAAC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oEAAoE;IACpE,IAAI,EAAE,YAAY,CAAC;IACnB,gFAAgF;IAChF,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC,CAyF1F"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@timber-js/app",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "Vite-native React framework for Cloudflare Workers — correct HTTP semantics, real status codes, pages that work without JavaScript",
   "keywords": [
     "cloudflare-workers",

package/src/client/error-boundary.tsx

@@ -19,6 +19,7 @@
  */
 
 import { Component, createElement, type ReactNode } from 'react';
+import { getSsrData } from './ssr-data.js';
 
 // ─── Page Unload Detection ───────────────────────────────────────────────────
 // Track whether the page is being unloaded (user refreshed or navigated away).
@@ -70,6 +71,13 @@ export interface TimberErrorBoundaryProps {
    * 400 = any 4xx, 500 = any 5xx, specific number = exact match.
    */
   status?: number;
+  /**
+   * When true, catching a DenySignal sets _denyHandledByBoundary on the
+   * nav context to prevent page-level deny promotion. Only slot catch-all
+   * boundaries should set this — segment boundaries (403.tsx, 4xx.tsx,
+   * error.tsx) must NOT, otherwise normal page denies get swallowed.
+   */
+  isSlotBoundary?: boolean;
   children: ReactNode;
 }
 
@@ -97,6 +105,7 @@ export class TimberErrorBoundary extends Component<
     if (_isUnloading) {
       return { hasError: false, error: null };
     }
+
     return { hasError: true, error };
   }
 
@@ -139,6 +148,20 @@ export class TimberErrorBoundary extends Component<
       }
     }
 
+    // Report DenySignal handling to prevent page-level promotion — but only
+    // for slot boundaries. Segment boundaries (403.tsx, 4xx.tsx, error.tsx)
+    // must NOT set this flag, otherwise normal page/hold-window denies get
+    // swallowed as 200 with boundary HTML instead of the intended 4xx.
+    // Runs here in render() (not getDerivedStateFromError) so the status
+    // filter has already been applied — non-matching boundaries re-threw above.
+    // See LOCAL-298.
+    if (parsed?.type === 'deny' && this.props.isSlotBoundary) {
+      const ssrData = getSsrData();
+      if (ssrData?._navContext) {
+        ssrData._navContext._denyHandledByBoundary = true;
+      }
+    }
+
     // Render the fallback component with the right props shape.
     if (parsed?.type === 'deny') {
       return createElement(this.props.fallbackComponent as never, {

package/src/client/ssr-data.ts

@@ -30,6 +30,13 @@ export interface SsrData {
   cookies: Map<string, string>;
   /** The request's route params (e.g. { id: '123' }) */
   params: Record<string, string | string[]>;
+  /**
+   * Mutable reference to NavContext for error boundary → RSC communication.
+   * When TimberErrorBoundary catches a DenySignal, it sets
+   * `_navContext._denyHandledByBoundary = true` to prevent the RSC entry
+   * from promoting the denial to page-level. See LOCAL-298.
+   */
+  _navContext?: { _denyHandledByBoundary?: boolean };
 }
 
 // ─── ALS-Backed Provider ─────────────────────────────────────────

package/src/client/use-router.ts

@@ -9,6 +9,7 @@
  * AppRouterInstance shape that ecosystem libraries expect.
  */
 
+import { startTransition } from 'react';
 import { getRouter } from './router-ref.js';
 
 export interface AppRouterInstance {
@@ -56,13 +57,24 @@ export function useRouter(): AppRouterInstance {
 
   return {
     push(href: string, options?: { scroll?: boolean }) {
-      void router.navigate(href, { scroll: options?.scroll });
+      // Wrap in startTransition so React 19 tracks the async navigation.
+      // React 19's startTransition accepts async callbacks — it keeps
+      // isPending=true until the returned promise resolves. This means
+      // useTransition's isPending reflects the full RSC fetch + render
+      // lifecycle when wrapping router.push() in startTransition.
+      startTransition(async () => {
+        await router.navigate(href, { scroll: options?.scroll });
+      });
     },
     replace(href: string, options?: { scroll?: boolean }) {
-      void router.navigate(href, { scroll: options?.scroll, replace: true });
+      startTransition(async () => {
+        await router.navigate(href, { scroll: options?.scroll, replace: true });
+      });
     },
     refresh() {
-      void router.refresh();
+      startTransition(async () => {
+        await router.refresh();
+      });
     },
     back() {
       window.history.back();

package/src/plugins/shims.ts

@@ -173,21 +173,15 @@ export function timberShims(_ctx: PluginContext): Plugin {
         return 'export {};';
       }
 
-      // Stub for @timber-js/app/server in client environment.
-      // Exports throw-on-call stubs so named imports resolve but
-      // calling them gives a clear error instead of crashing the bundle.
+      // Error module for @timber-js/app/server in client environment.
+      // Server modules must never be bundled into the browser — if this
+      // module is reached, there is a broken import chain that needs fixing.
       if (id === '\0timber:server-empty') {
-        return `
-const stub = (name) => () => { throw new Error(name + "() is a server-only function and cannot be called in client code."); };
-export const headers = stub("headers");
-export const cookies = stub("cookies");
-export const notFound = stub("notFound");
-export const redirect = stub("redirect");
-export const permanentRedirect = stub("permanentRedirect");
-export const deny = stub("deny");
-export const searchParams = stub("searchParams");
-export const RedirectType = { push: "push", replace: "replace" };
-`;
+        return `throw new Error(
+  "[timber] @timber-js/app/server was imported from client code. " +
+  "Server modules (headers, cookies, redirect, deny, etc.) cannot be used in client components. " +
+  "If you need these APIs, move the import to a server component or middleware."
+);`;
       }
     },
   };

package/src/server/rsc-entry/index.ts

@@ -661,10 +661,17 @@ async function renderRoute(
   // Helper: check if render-phase signals were captured and return the
   // appropriate HTTP response. Used after both successful SSR (signal
   // promotion from Suspense) and failed SSR (signal outside Suspense).
-  function checkCapturedSignals(): Response | Promise<Response> | null {
+  //
+  // When `skipHandledDeny` is true (SSR success path), skip DenySignal
+  // promotion if the denial was already handled by a TimberErrorBoundary
+  // (e.g., slot error boundary). The boundary sets navContext._denyHandledByBoundary
+  // during SSR rendering. See LOCAL-298.
+  function checkCapturedSignals(
+    skipHandledDeny = false
+  ): Response | Promise<Response> | null {
     const sig = redirectSignal as RedirectSignal | null;
     if (sig) return buildRedirectResponse(_req, sig, responseHeaders);
-    if (denySignal) {
+    if (denySignal && !(skipHandledDeny && navContext._denyHandledByBoundary)) {
       return renderDenyPage(
         denySignal,
         segments,
@@ -703,7 +710,7 @@ async function renderRoute(
     // See design/05-streaming.md §"deferSuspenseFor and the Hold Window"
     await new Promise<void>((r) => setTimeout(r, 0));
 
-    const promoted = checkCapturedSignals();
+    const promoted = checkCapturedSignals(/* skipHandledDeny */ true);
     if (promoted) {
       ssrResponse.body?.cancel();
       return promoted;

package/src/server/slot-resolver.ts

@@ -186,6 +186,7 @@ export async function resolveSlotElement(
       // See design/02-rendering-pipeline.md §"Slot Access Failure = Graceful Degradation"
       element = h(TimberErrorBoundary, {
         fallbackComponent: SlotErrorFallback,
+        isSlotBoundary: true,
         children: element,
       });
 
@@ -257,6 +258,12 @@ function findSlotMatch(slotNode: ManifestSegmentNode, match: RouteMatch): SlotMa
     if (slotNode.page) {
       return { page: slotNode.page, chain: [slotNode] };
     }
+    // Check for optional-catch-all child — [[...slug]] matches zero segments
+    for (const child of slotNode.children ?? []) {
+      if (child.segmentType === 'optional-catch-all' && child.page) {
+        return { page: child.page, chain: [slotNode, child] };
+      }
+    }
     return null;
   }
 
@@ -280,11 +287,27 @@ function findSlotMatch(slotNode: ManifestSegmentNode, match: RouteMatch): SlotMa
     // Try dynamic segments if no static match
     if (!found) {
       for (const child of directChildren) {
-        if (child.segmentType === 'dynamic' || child.segmentType === 'catch-all') {
+        if (child.segmentType === 'dynamic') {
+          found = child;
+          break;
+        }
+      }
+    }
+
+    // Try catch-all segments — these consume ALL remaining URL segments,
+    // so we break out of the outer loop immediately.
+    if (!found) {
+      for (const child of directChildren) {
+        if (child.segmentType === 'catch-all' || child.segmentType === 'optional-catch-all') {
           found = child;
           break;
         }
       }
+      if (found) {
+        chain.push(found);
+        currentNode = found;
+        break;
+      }
     }
 
     // Try group children (transparent)

package/src/server/ssr-entry.ts

@@ -74,6 +74,13 @@ export interface NavContext {
   /** Request cookies as name→value pairs. Used by useCookie() during SSR
    *  to return correct cookie values before hydration. */
   cookies?: Map<string, string>;
+  /**
+   * Mutable flag: set by TimberErrorBoundary during SSR when it catches
+   * a DenySignal (via digest). This tells the RSC entry that the denial
+   * was contained by a slot error boundary and should NOT be promoted
+   * to a page-level deny. See LOCAL-298.
+   */
+  _denyHandledByBoundary?: boolean;
 }
 
 /**
@@ -111,6 +118,7 @@ export async function handleSsr(
       searchParams: navContext.searchParams,
       cookies: navContext.cookies ?? new Map(),
       params: navContext.params,
+      _navContext: navContext,
     };
 
     // Run the entire render inside the SSR data ALS scope.

package/src/server/tree-builder.ts

@@ -11,7 +11,6 @@
  */
 
 import type { SegmentNode, RouteFile } from '#/routing/types.js';
-import { TimberErrorBoundary } from '#/client/error-boundary.js';
 
 // ─── Types ───────────────────────────────────────────────────────────────────
 
@@ -55,6 +54,16 @@ export interface TreeBuilderConfig {
   loadModule: ModuleLoader;
   /** React.createElement or equivalent. */
   createElement: CreateElement;
+  /**
+   * Error boundary component for wrapping segments.
+   *
+   * This is injected by the caller rather than imported directly to avoid
+   * pulling 'use client' code into the server barrel (@timber-js/app/server).
+   * In the RSC environment, the RSC plugin transforms this import to a
+   * client reference proxy — the caller handles the import so the server
+   * barrel stays free of client dependencies.
+   */
+  errorBoundaryComponent?: unknown;
 }
 
 // ─── Component wrappers ──────────────────────────────────────────────────────
@@ -134,7 +143,8 @@ export interface TreeBuildResult {
  * Parallel slots are resolved at each layout level and composed as named props.
  */
 export async function buildElementTree(config: TreeBuilderConfig): Promise<TreeBuildResult> {
-  const { segments, params, searchParams, loadModule, createElement } = config;
+  const { segments, params, searchParams, loadModule, createElement, errorBoundaryComponent } =
+    config;
 
   if (segments.length === 0) {
     throw new Error('[timber] buildElementTree: empty segment chain');
@@ -166,7 +176,13 @@ export async function buildElementTree(config: TreeBuilderConfig): Promise<TreeB
     const segment = segments[i];
 
     // Wrap in error boundaries (status-code files + error.tsx)
-    element = await wrapWithErrorBoundaries(segment, element, loadModule, createElement);
+    element = await wrapWithErrorBoundaries(
+      segment,
+      element,
+      loadModule,
+      createElement,
+      errorBoundaryComponent
+    );
 
     // Wrap in AccessGate if segment has access.ts
     if (segment.access) {
@@ -198,7 +214,8 @@ export async function buildElementTree(config: TreeBuilderConfig): Promise<TreeB
               params,
               searchParams,
               loadModule,
-              createElement
+              createElement,
+              errorBoundaryComponent
             );
           }
         }
@@ -229,7 +246,8 @@ async function buildSlotElement(
   params: Record<string, string | string[]>,
   searchParams: unknown,
   loadModule: ModuleLoader,
-  createElement: CreateElement
+  createElement: CreateElement,
+  errorBoundaryComponent: unknown
 ): Promise<ReactElement> {
   // Load slot page
   const pageModule = slotNode.page ? await loadModule(slotNode.page) : null;
@@ -249,7 +267,13 @@ async function buildSlotElement(
   let element: ReactElement = createElement(PageComponent, { params, searchParams });
 
   // Wrap in error boundaries
-  element = await wrapWithErrorBoundaries(slotNode, element, loadModule, createElement);
+  element = await wrapWithErrorBoundaries(
+    slotNode,
+    element,
+    loadModule,
+    createElement,
+    errorBoundaryComponent
+  );
 
   // Wrap in SlotAccessGate if slot has access.ts
   if (slotNode.access) {
@@ -301,7 +325,8 @@ async function wrapWithErrorBoundaries(
   segment: SegmentNode,
   element: ReactElement,
   loadModule: ModuleLoader,
-  createElement: CreateElement
+  createElement: CreateElement,
+  errorBoundaryComponent: unknown
 ): Promise<ReactElement> {
   // Wrapping is applied inside-out. The last wrap call produces the outermost boundary.
   // Order: specific status → category → error.tsx (outermost)
@@ -315,7 +340,7 @@ async function wrapWithErrorBoundaries(
           const mod = await loadModule(file);
           const Component = mod.default;
           if (Component) {
-            element = createElement(TimberErrorBoundary, {
+            element = createElement(errorBoundaryComponent, {
               fallbackComponent: Component,
               status,
               children: element,
@@ -331,7 +356,7 @@ async function wrapWithErrorBoundaries(
         const mod = await loadModule(file);
         const Component = mod.default;
         if (Component) {
-          element = createElement(TimberErrorBoundary, {
+          element = createElement(errorBoundaryComponent, {
             fallbackComponent: Component,
             status: key === '4xx' ? 400 : 500, // category marker
             children: element,
@@ -346,7 +371,7 @@ async function wrapWithErrorBoundaries(
     const errorModule = await loadModule(segment.error);
     const ErrorComponent = errorModule.default;
     if (ErrorComponent) {
-      element = createElement(TimberErrorBoundary, {
+      element = createElement(errorBoundaryComponent, {
         fallbackComponent: ErrorComponent,
         children: element,
       } satisfies ErrorBoundaryProps);

package/dist/_chunks/use-cookie-HcvNlW4L.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"use-cookie-HcvNlW4L.js","names":[],"sources":["../../src/client/ssr-data.ts","../../src/client/use-cookie.ts"],"sourcesContent":["/**\n * SSR Data — per-request state for client hooks during server-side rendering.\n *\n * RSC and SSR are separate Vite module graphs (see design/18-build-system.md),\n * so the RSC environment's request-context ALS is not visible to SSR modules.\n * This module provides getter/setter functions that ssr-entry.ts uses to\n * populate per-request data for React's render.\n *\n * Request isolation: On the server, ssr-entry.ts registers an ALS-backed\n * provider via registerSsrDataProvider(). getSsrData() reads from the ALS\n * store, ensuring correct per-request data even when Suspense boundaries\n * resolve asynchronously across concurrent requests. The module-level\n * setSsrData/clearSsrData functions are kept as a fallback for tests\n * and environments without ALS.\n *\n * IMPORTANT: This module must NOT import node:async_hooks or any Node.js-only\n * APIs, as it's imported by 'use client' hooks that are bundled for the browser.\n * The ALS instance lives in ssr-entry.ts (server-only); this module only holds\n * a reference to the provider function.\n */\n\n// ─── Types ────────────────────────────────────────────────────────\n\nexport interface SsrData {\n  /** The request's URL pathname (e.g. '/dashboard/settings') */\n  pathname: string;\n  /** The request's search params as a plain record */\n  searchParams: Record<string, string>;\n  /** The request's cookies as name→value pairs */\n  cookies: Map<string, string>;\n  /** The request's route params (e.g. { id: '123' }) */\n  params: Record<string, string | string[]>;\n}\n\n// ─── ALS-Backed Provider ─────────────────────────────────────────\n//\n// Server-side code (ssr-entry.ts) registers a provider that reads\n// from AsyncLocalStorage. This avoids importing node:async_hooks\n// in this browser-bundled module.\n\nlet _ssrDataProvider: (() => SsrData | undefined) | undefined;\n\n/**\n * Register an ALS-backed SSR data provider. Called once at module load\n * by ssr-entry.ts to wire up per-request data via AsyncLocalStorage.\n *\n * When registered, getSsrData() reads from the provider (ALS store)\n * instead of module-level state, ensuring correct isolation for\n * concurrent requests with streaming Suspense.\n */\nexport function registerSsrDataProvider(provider: () => SsrData | undefined): void {\n  _ssrDataProvider = provider;\n}\n\n// ─── Module-Level Fallback ────────────────────────────────────────\n//\n// Used by tests and as a fallback when no ALS provider is registered.\n\nlet currentSsrData: SsrData | undefined;\n\n/**\n * Set the SSR data for the current request via module-level state.\n *\n * In production, ssr-entry.ts uses ALS (runWithSsrData) instead.\n * This function is retained for tests and as a fallback.\n */\nexport function setSsrData(data: SsrData): void {\n  currentSsrData = data;\n}\n\n/**\n * Clear the SSR data after rendering completes.\n *\n * In production, ALS scope handles cleanup automatically.\n * This function is retained for tests and as a fallback.\n */\nexport function clearSsrData(): void {\n  currentSsrData = undefined;\n}\n\n/**\n * Read the current request's SSR data. Returns undefined when called\n * outside an SSR render (i.e. on the client after hydration).\n *\n * Prefers the ALS-backed provider when registered (server-side),\n * falling back to module-level state (tests, legacy).\n *\n * Used by client hooks' server snapshot functions.\n */\nexport function getSsrData(): SsrData | undefined {\n  if (_ssrDataProvider) {\n    return _ssrDataProvider();\n  }\n  return currentSsrData;\n}\n","/**\n * useCookie — reactive client-side cookie hook.\n *\n * Uses useSyncExternalStore for SSR-safe, reactive cookie access.\n * All components reading the same cookie name re-render on change.\n * No cross-tab sync (intentional — see design/29-cookies.md).\n *\n * See design/29-cookies.md §\"useCookie(name) Hook\"\n */\n\nimport { useSyncExternalStore } from 'react';\nimport { getSsrData } from './ssr-data.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\nexport interface ClientCookieOptions {\n  /** URL path scope. Default: '/'. */\n  path?: string;\n  /** Domain scope. Default: omitted (current domain). */\n  domain?: string;\n  /** Max age in seconds. */\n  maxAge?: number;\n  /** Expiration date. */\n  expires?: Date;\n  /** Cross-site policy. Default: 'lax'. */\n  sameSite?: 'strict' | 'lax' | 'none';\n  /** Only send over HTTPS. Default: true in production. */\n  secure?: boolean;\n}\n\nexport type CookieSetter = (value: string, options?: ClientCookieOptions) => void;\n\n// ─── Module-Level Cookie Store ────────────────────────────────────────────\n\ntype Listener = () => void;\n\n/** Per-name subscriber sets. */\nconst listeners = new Map<string, Set<Listener>>();\n\n/** Parse a cookie name from document.cookie. */\nfunction getCookieValue(name: string): string | undefined {\n  if (typeof document === 'undefined') return undefined;\n  const match = document.cookie.match(\n    new RegExp('(?:^|;\\\\s*)' + name.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&') + '\\\\s*=\\\\s*([^;]*)')\n  );\n  return match ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Serialize options into a cookie string suffix. */\nfunction serializeOptions(options?: ClientCookieOptions): string {\n  if (!options) return '; Path=/; SameSite=Lax';\n  const parts: string[] = [];\n  parts.push(`Path=${options.path ?? '/'}`);\n  if (options.domain) parts.push(`Domain=${options.domain}`);\n  if (options.maxAge !== undefined) parts.push(`Max-Age=${options.maxAge}`);\n  if (options.expires) parts.push(`Expires=${options.expires.toUTCString()}`);\n  const sameSite = options.sameSite ?? 'lax';\n  parts.push(`SameSite=${sameSite.charAt(0).toUpperCase()}${sameSite.slice(1)}`);\n  if (options.secure) parts.push('Secure');\n  return '; ' + parts.join('; ');\n}\n\n/** Notify all subscribers for a given cookie name. */\nfunction notify(name: string): void {\n  const subs = listeners.get(name);\n  if (subs) {\n    for (const fn of subs) fn();\n  }\n}\n\n// ─── Hook ─────────────────────────────────────────────────────────────────\n\n/**\n * Reactive hook for reading/writing a client-side cookie.\n *\n * Returns `[value, setCookie, deleteCookie]`:\n * - `value`: current cookie value (string | undefined)\n * - `setCookie`: sets the cookie and triggers re-renders\n * - `deleteCookie`: deletes the cookie and triggers re-renders\n *\n * @param name - Cookie name.\n * @param defaultOptions - Default options for setCookie calls.\n */\nexport function useCookie(\n  name: string,\n  defaultOptions?: ClientCookieOptions\n): [value: string | undefined, setCookie: CookieSetter, deleteCookie: () => void] {\n  const subscribe = (callback: Listener): (() => void) => {\n    let subs = listeners.get(name);\n    if (!subs) {\n      subs = new Set();\n      listeners.set(name, subs);\n    }\n    subs.add(callback);\n    return () => {\n      subs!.delete(callback);\n      if (subs!.size === 0) listeners.delete(name);\n    };\n  };\n\n  const getSnapshot = (): string | undefined => getCookieValue(name);\n  const getServerSnapshot = (): string | undefined => getSsrData()?.cookies.get(name);\n\n  const value = useSyncExternalStore(subscribe, getSnapshot, getServerSnapshot);\n\n  const setCookie: CookieSetter = (newValue: string, options?: ClientCookieOptions) => {\n    const merged = { ...defaultOptions, ...options };\n    document.cookie = `${name}=${encodeURIComponent(newValue)}${serializeOptions(merged)}`;\n    notify(name);\n  };\n\n  const deleteCookie = (): void => {\n    const path = defaultOptions?.path ?? '/';\n    const domain = defaultOptions?.domain;\n    let cookieStr = `${name}=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=${path}`;\n    if (domain) cookieStr += `; Domain=${domain}`;\n    document.cookie = cookieStr;\n    notify(name);\n  };\n\n  return [value, setCookie, deleteCookie];\n}\n"],"mappings":";;AAwCA,IAAI;AAkBJ,IAAI;;;;;;;AAQJ,SAAgB,WAAW,MAAqB;AAC9C,kBAAiB;;;;;;;;AASnB,SAAgB,eAAqB;AACnC,kBAAiB,KAAA;;;;;;;;;;;AAYnB,SAAgB,aAAkC;AAChD,KAAI,iBACF,QAAO,kBAAkB;AAE3B,QAAO;;;;;;;;;;;;;;ACxDT,IAAM,4BAAY,IAAI,KAA4B;;AAGlD,SAAS,eAAe,MAAkC;AACxD,KAAI,OAAO,aAAa,YAAa,QAAO,KAAA;CAC5C,MAAM,QAAQ,SAAS,OAAO,MAC5B,IAAI,OAAO,gBAAgB,KAAK,QAAQ,uBAAuB,OAAO,GAAG,mBAAmB,CAC7F;AACD,QAAO,QAAQ,mBAAmB,MAAM,GAAG,GAAG,KAAA;;;AAIhD,SAAS,iBAAiB,SAAuC;AAC/D,KAAI,CAAC,QAAS,QAAO;CACrB,MAAM,QAAkB,EAAE;AAC1B,OAAM,KAAK,QAAQ,QAAQ,QAAQ,MAAM;AACzC,KAAI,QAAQ,OAAQ,OAAM,KAAK,UAAU,QAAQ,SAAS;AAC1D,KAAI,QAAQ,WAAW,KAAA,EAAW,OAAM,KAAK,WAAW,QAAQ,SAAS;AACzE,KAAI,QAAQ,QAAS,OAAM,KAAK,WAAW,QAAQ,QAAQ,aAAa,GAAG;CAC3E,MAAM,WAAW,QAAQ,YAAY;AACrC,OAAM,KAAK,YAAY,SAAS,OAAO,EAAE,CAAC,aAAa,GAAG,SAAS,MAAM,EAAE,GAAG;AAC9E,KAAI,QAAQ,OAAQ,OAAM,KAAK,SAAS;AACxC,QAAO,OAAO,MAAM,KAAK,KAAK;;;AAIhC,SAAS,OAAO,MAAoB;CAClC,MAAM,OAAO,UAAU,IAAI,KAAK;AAChC,KAAI,KACF,MAAK,MAAM,MAAM,KAAM,KAAI;;;;;;;;;;;;;AAiB/B,SAAgB,UACd,MACA,gBACgF;CAChF,MAAM,aAAa,aAAqC;EACtD,IAAI,OAAO,UAAU,IAAI,KAAK;AAC9B,MAAI,CAAC,MAAM;AACT,0BAAO,IAAI,KAAK;AAChB,aAAU,IAAI,MAAM,KAAK;;AAE3B,OAAK,IAAI,SAAS;AAClB,eAAa;AACX,QAAM,OAAO,SAAS;AACtB,OAAI,KAAM,SAAS,EAAG,WAAU,OAAO,KAAK;;;CAIhD,MAAM,oBAAwC,eAAe,KAAK;CAClE,MAAM,0BAA8C,YAAY,EAAE,QAAQ,IAAI,KAAK;CAEnF,MAAM,QAAQ,qBAAqB,WAAW,aAAa,kBAAkB;CAE7E,MAAM,aAA2B,UAAkB,YAAkC;EACnF,MAAM,SAAS;GAAE,GAAG;GAAgB,GAAG;GAAS;AAChD,WAAS,SAAS,GAAG,KAAK,GAAG,mBAAmB,SAAS,GAAG,iBAAiB,OAAO;AACpF,SAAO,KAAK;;CAGd,MAAM,qBAA2B;EAC/B,MAAM,OAAO,gBAAgB,QAAQ;EACrC,MAAM,SAAS,gBAAgB;EAC/B,IAAI,YAAY,GAAG,KAAK,4DAA4D;AACpF,MAAI,OAAQ,cAAa,YAAY;AACrC,WAAS,SAAS;AAClB,SAAO,KAAK;;AAGd,QAAO;EAAC;EAAO;EAAW;EAAa"}